Ireland’s Healthcare System’s IT Offline Following Ransomware Attack

Ireland’s healthcare system is being subjected to a ransomware attack, which has led to its taking its IT systems offline and the cancellation of a number of hospital appointments.

HSE Ireland, the body responsible for the provision of health and personal social services for everyone living in Ireland, revealed the ongoing incident in a tweet this morning, stating: “There is a significant ransomware attack on the HSE IT systems. We have taken the precaution of shutting down all our IT systems in order to protect them from this attack and to allow us to fully assess the situation with our own security partners.

“We apologise for inconvenience caused to patients and to the public and will give further information as it becomes available.”

The organization stressed that COVID-19 vaccination services are not affected and will continue as normal, as will the operations of Ireland’s National Ambulance Service.

However, as a result of the attack, maternity care provider Rotunda Hospital in Dublin announced that it has cancelled all outpatient visits today, except for those who are 36 weeks pregnant or later.

Speaking to RTE’s Morning Ireland, HSE chief executive Paul Reid said the organization is working to contain a sophisticated human-operated ransomware attack on its IT systems, adding that the incident is impacting all national and local systems involved in all core services.

Discussing the news with Infosecurity, Brian Honan, CEO of BH Consulting, who is based in Ireland, gave his thoughts on HSE's reaction to the incident: "I have to applaud the HSE’s response to this. Firstly, they announced that it was a ransomware attack so as to avoid any speculation and secondly they described the impact it had on their systems. Throughout the day the HSE has had several senior officials speak publicly and kept the public updated with what is going on. The reaction to shut down IT systems to protect them from any further compromise is also a very positive and proactive step to protect those systems, although it does mean the impact of the attack, the number of systems going offline, is large. The HSE has also engaged the Irish National Cyber Security Centre, the Irish Defence forces, and the Garda (Irish police) to deal with the attack.

"The next steps are to identify how the breach happened, close the gaps that allowed the attackers in, and then recover your systems from safe and secure backups. If they have no reliable backups then the choice is to pay the ransom or rebuild the data manually. It should be noted the HSE have stated they are not going to pay the ransom which is a stance that should be applauded."

Honan went on to discuss the attack in the context of the current threat landscape. "It demonstrates that criminals have no conscience as they will attack a victim no matter what the victim is. To attack a health service and hospitals in the normal times is abhorrent, to do so during a pandemic is simply repulsive behavior by those behind these attacks.

"However, this attack and others is symptomatic of a problem that has been growing over the past years and will unfortunately continue to grow. Ransomware attacks are proving too lucrative for criminals to turn their backs on. Until recently the attacks have been seen as an IT problem, but attacking hospitals and critical infrastructure (the Colonial Pipeline attack last week) demonstrates that ransomware is a critical threat against our society, our economies and our lives and we need a coordinate response from governments to tackle this scourge."

Also commenting on the story, Dean Ferrando, systems engineering manager (EMEA) at Tripwire, said: "Whenever we see an attack on healthcare services, it is always a serious concern because it can have a direct impact on the safety and lives of people. Given the increased cyber-attacks against healthcare organizations, it is simply no longer sufficient to merely be compliant with security frameworks. Remember, ransomware doesn’t just suddenly appear on systems. It has to get there through exploited vulnerabilities, phishing, or other means. While we tend to focus on the ransomware itself, the best way to avoid becoming a victim is to prevent the infection in the first place. And the best way to prevent ransomware infections is to address the infection vectors by hardening systems, patching vulnerabilities, ensuring systems are configured securely, and preventing phishing. Also, security training for all personnel is a critical element of any cyber-defense strategy."

David Higgins, EMEA technical director at CyberArk, noted the huge damage attacks of this nature can have on healthcare: “The success of this ransomware campaign is concerning for so many reasons. Previous attacks such as WannaCry in 2017, which cost the NHS £92m and saw 19,000 appointments cancelled, are a stark reminder of the consequences this kind of cyber-attack can have. They're callous, and what's devastating is that they can lead to the loss of life.”

The new incident is the latest in a number of recent high-profile ransomware attacks, with use of this tactic surging during the past year. These include the ransomware attack on the East Coast Fuel pipeline in the US last week, following which it has been reported that the operator, Colonial Pipeline, paid a $5m ransom within hours of the incident.

What’s Hot on Infosecurity Magazine?